<?php
defined('CITY_BAO') or exit('Access Denied');
require CB_CORE.'modules/'.$config_module['module'].'/common.inc.php';
$action = $request->getParam('action','step1');
$form_validate = form_validate('login');
$tpl->assign('validate',$form_validate);
if($request->isPost()){
	$validate = trim($request->getParam('validate'));
	if($validate != $form_validate){
		$error = '数据来源校验失败！';
		show_message($error,'-1');
	}
}
switch ($action){
	case 'editpw':
		$verifystr = trim($request->getParam('verifystr'));
		if($request->isPost()){
			if(verify_validate_code($verifystr)){
				$username = trim($request->getParam('username'));
				$password = trim($request->getParam('password'));
				$password2 = trim($request->getParam('password2'));
				$result = check_password($password,$password2);
				if($result!==true){
			    	$error = $result;
			    	show_message($error);
			    }else{
		    		$result = $cbdb->query("UPDATE {#cbdbPrefix}members SET password='".md5($password)."' WHERE username='".$username."'");
					if($result){
						$tpl->assign('title',"找回密码成功");
						$tpl->display('member/getpass-success.tpl');
					}else{
						$user = $cbdb->get_row('SELECT * FROM {#cbdbPrefix}members WHERE username="'.$username.'" LIMIT 0,1');
						if($user){
							show_message('重置密码失败，请重新尝试提交密码找回！',INSTALL_PATH.'member/getpass.php');
						}else{
							show_message('用户名不存在，重置密码失败，请重新尝试提交密码找回！',INSTALL_PATH.'member/getpass.php');
						}
					}
			    }
			}else{
				show_message('对不起，链接不正确，或已经失效，请重新尝试提交密码找回！',INSTALL_PATH.'member/getpass.php');
			}
		}else{
			if(verify_validate_code($verifystr,false)){
				$tpl->assign('title',"重新设置您的密码");
				$tpl->display('member/getpass-editpw.tpl');
			}else{
				show_message('对不起，链接不正确，或已经失效，请重新尝试提交密码找回！',INSTALL_PATH.'member/getpass.php');
			}
		}
		break;
	case 'step4':
		$method = trim($request->getParam('method'));
		$username = trim($request->getParam('username'));
		$profile = $cbdb->get_row('SELECT m.*,p.* FROM {#cbdbPrefix}members m,{#cbdbPrefix}member_profile p WHERE m.username="'.$username.'" AND m.userid=p.userid LIMIT 0,1');
		if($method == 'email' || $method == 'qq'){
			$message = "亲爱的用户{$username}:\r\n";
			$message.= "    您好！\r\n";
			$message.= "您在".date("Y年m月d日 H:i:s")."提交找回密码请求，请点击下面的链接修改密码。\r\n";
			$message.= "为了保障您帐号的安全性，该链接有效期为48小时，48小时后此邮件失效，您将需要重新提交密码找回！\r\n";
			$message.= $request->getIndexUrl()."member/getpass.php?action=editpw&verifystr=".get_validate_code($username,48)."\r\n";
			$message.= "(如果您无法点击这个链接，请将此链接复制到浏览器地址栏后访问)\r\n";
			$message.= "如果您错误地收到了此电子邮件，您无需执行任何操作来取消密码找回！您的帐户密码将不会被修改。\r\n";
			$message.= "设置QQ号码、设置验证邮箱、设置密码保护问题将更好地保障您的帐号安全，建议您设置安全验证。\r\n";
			$message.= "如有其他问题，请联系我们".$config_core['admin_email']."\r\n";
			$message.= "\r\n";
			$message.= "                                ".$config_core['site_name']."\r\n";
			$message.= "                                ".date("Y年m月d日")."\r\n";
		}
		if($profile){
			switch ($method){
				case 'question':
					$answer = trim($request->getParam('answer'));
					$password = trim($request->getParam('password'));
					$password2 = trim($request->getParam('password2'));
					$result = check_password($password,$password2);
					if($result!==true){
				    	$error = $result;
				    	show_message($error);
				    }else{
				    	if($answer == $profile->answer){
				    		$result = $cbdb->query("UPDATE {#cbdbPrefix}members SET password='".md5($password)."' WHERE username='".$username."'");
							if($result){
								$tpl->assign('title',"找回密码成功");
								$tpl->display('member/getpass-success.tpl');
							}else{
								show_message("重置密码失败，请稍后再试！");
							}
				    	}else{
				    		show_message("密码提示问题答案错误！");
				    	}
				    }
					break;
				case 'email':
					$email = trim($request->getParam('email'));
					if($email == $profile->email){
						$result = send_mail($email,$config_core['site_name'].'取回密码',$message);
						if($result === true){
							$tpl->assign('title',"通过您的邮箱找回密码");
							$tpl->assign('email',$email);
							$tpl->display('member/getpass-step4-email.tpl');
						}else{
							show_message("对不起，往您的信箱（".$email."）发送邮件时出现错误，请与系统管理员（".$config_core['admin_email']."）联系！");
						}
					}else{
						show_message("邮箱地址填写错误，请重试，或尝试其他密码找回方式！！");
					}
					break;
				case 'qq':
					$qq = trim($request->getParam('qq'));
					if($qq == $profile->qq){
						$email = $qq."@qq.com";
						$result = send_mail($email,$config_core['site_name'].'取回密码',$message);
						if($result === true){
							$tpl->assign('title',"通过您的QQ找回密码");
							$tpl->assign('email',$email);
							$tpl->display('member/getpass-step4-qq.tpl');
						}else{
							show_message("对不起，往您的QQ信箱（".$email."）发送邮件时出现错误，请与系统管理员（".$config_core['admin_email']."）联系！");
						}
					}else{
						show_message("QQ号码填写错误，请重试，或尝试其他密码找回方式！！");
					}
					break;
				default:
					show_message('请指定合适的密码找回方式！');
					break;
			}
		}else{
			$error = '不存在该用户名（'.$username.'）的用户！';
			show_message($error,'-1');
		}
		break;
	case 'step3':
		if(!$request->isPost()){
				$error = '非法操作，来路不正确！';
				show_message($error);
		}
		$method = $request->getParam('method');
		$username = trim($request->getParam('username'));
		$captcha = trim($request->getParam('captcha'));
		if(!isset($_SESSION['AuthCode'])){
			$error = '验证码已过期！';
			show_message($error,'-1');
		}elseif(md5($captcha) != $_SESSION['AuthCode']){
			$error = '验证码输入错误！';
			show_message($error,'-1');
		}
		unset($_SESSION['AuthCode']);
		$profile = $cbdb->get_row('SELECT m.username,p.question,m.email,p.qq FROM {#cbdbPrefix}members m,{#cbdbPrefix}member_profile p WHERE m.username="'.$username.'" AND m.userid=p.userid LIMIT 0,1');
		if($profile){
			$tpl->assign('method',$method);
			switch ($method){
				case 'question':
					if($profile->question){
						$tpl->assign('title',"通过密码提示问题找回密码");
						$tpl->assign('username',$profile->username);
						$tpl->assign('question',$profile->question);
						$tpl->display('member/getpass-step3-question.tpl');
					}else{
						show_message("您没有设置密码提示问题，请尝试其他密码找回方式！");
					}
					break;
				case 'email':
					if($profile->email){
						$tpl->assign('title',"通过您的邮箱找回密码");
						$tpl->assign('username',$profile->username);
						$tpl->display('member/getpass-step3-email.tpl');
					}else{
						show_message("您没有设置安全邮箱，请尝试其他密码找回方式！");
					}
					break;
				case 'qq':
					if($profile->qq){
						$tpl->assign('title',"通过您填写的QQ号码找回密码");
						$tpl->assign('username',$profile->username);
						$tpl->display('member/getpass-step3-qq.tpl');
					}else{
						show_message("您没有设置QQ号码，请尝试其他密码找回方式！");
					}
					break;
				default:
					show_message('请指定合适的密码找回方式！','-1');
					break;
			}
		}else{
			$error = '不存在该用户名（'.$username.'）的用户！';
			show_message($error,'-1');
		}
		break;
	case 'step2':
		$method = $request->getParam('method');
		if(!in_array($method,array('question','email','qq'))){
			show_message('请指定合适的密码找回方式！','-1');
		}
		$tpl->assign('title',"找回密码->输入用户名");
		$tpl->assign('method',$method);
		$tpl->display('member/getpass-step2.tpl');
		break;
	case 'step1':
	default:
		$tpl->assign('title',"找回密码");
		$tpl->display('member/getpass-step1.tpl');
		break;
}